AppArmor: silence denial of sys_ptrace capability

We already allow ptrace for its relevant subprocesses via ptrace
rules, and I'm unsure if the full capability is really needed. I see
lots of other profiles which have ptrace rules without the capability
so I guess not. And I wonder if allowing the capability allows ptrace
for arbitrary processes, which would be really bad.

So let's assume it's not needed and we'll see what happens.
anonym 2023-09-07 18:17:18 +02:00
parent b257da0390
commit 29e1fe419a

@ -12,6 +12,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
#include <abstractions/opencl>
#include if exists <abstractions/vulkan>
deny capability sys_ptrace,
# Uncomment the following lines if you want to give the Tor Browser read-write
# access to most of your personal files.
# #include <abstractions/user-download>
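
Review bot: The `deny capability sys_ptrace,` rule added after the vulkan include carries no comment, and because it is a plain `deny` rule it also suppresses logging of the denial, which works against the commit message's "we'll see what happens". Consider `audit deny capability sys_ptrace,` while the assumption is being tested, so that any breakage shows up in the audit log. Alternatively, add a comment above the rule recording that ptrace of the browser's own subprocesses is covered by the profile's ptrace rules and that the capability is denied on purpose. Note too that a deny rule takes precedence over allow rules, so a local override cannot grant the capability back if it turns out to be needed; the rule itself would have to be removed.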